Spammers busiest mid-week and during business hours, says IBM

Are you sluggish on Mondays and Fridays? So are spammers.

That’s one of the findings IBM researchers came up with after going through six months of data captured in its honeypots to learn when spammers and their spam bots do the most work. The results were outlined in a blog published today.

The biggest day for spam was Tuesday, followed by Wednesday and Thursday, with significant drops on weekends. Either attackers want their weekends, or they assume many people don’t look at their email — particularly office email — on weekends.

However, infosec pros shouldn’t get complacent: According to a graph in the blog, while spam volumes are down Mondays and Fridays, it looks like it’s only a slight drop relative to other days.

Spam Trends 2017

(Total spam distribution per daily volumes. IBM graphic)


Spam volumes begin to increase around 1 a.m. on the U.S. East Coast, researchers found, because spammers start off with Europe before they follow the sun and start spamming recipients in the U.S. The big drop in spam comes at around 8 p.m. 4 p.m. EST, but some spamming lingers thereafter, likely only in the U.S. at that point.

Attackers are very conscious of when they send campaigns. For example, because some Trojans such as DridexTrickBot and QakBot are cybergang-owned malware designed to rob business bank accounts, these gangs make sure to spam employees in very pointed bouts of malicious mail, during business hours.

During the period studied the top country where spam originated from was India.

Spam trends per country 2017

(IBM graphic)

And while many spam campaigns are delivered by automated botnets IBM researchers believea lot of work that still goes into each one. “Botnet operators are constantly looking for new ways to circumvent spam filters and make it through to recipients’ inboxes without being blocked or their malicious attachments being disabled,” the blog says.

For example, IBM [NYSE: IBM] researchers found the Necurs botnet alone has shuffled its delivery tactics very frequently in the past few months, moving from filing Microsoft Office documents with malicious exploits, to poisoned PDF files embedded with a laced Office file, to sending malware in .WSF files. Most recently, the operators have been delivering fake DocuSign attachments to keep evading security.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now